Air gapped PCs can be tapped with simple feature phones

Israeli security researchers have demonstrated it's possible to hack a completely air gapped PC with no network, WiFi, Bluetooth nor USB connectivity using little more than an old cell phone. Simple feature phone are often allowed into sensitive environments where smartphones are not. The technique works by using the GSM network, electromagnetic waves and a basic, low-end cell phone and shows how PCs in the strictest security environments could potentially get hacked.

There's a big catch though, for the whole scheme to work the PC and the cell phone need to be infected by the specially crafted GSMem malware. The researches argue this could potentially be achieved via supply chain infiltration or social engineering. Once the GSMem malware is in place, the attack enables wireless exfiltration of data via electromagnetic emissions.

The GSMem malware is a footprint of just 4 kilobytes of memory when operating, making it difficult to detect. It consists of just a series of simple CPU instructions without interaction with the API, which helps to shield it from anti-virus tools designed to monitor malicious API activity. Full details at Wired.

When data moves between the CPU and RAM of a computer, radio waves get emitted as a matter of course. Normally the amplitude of these waves wouldn’t be sufficient to transmit messages to a phone, but the researchers found that by generating a continuous stream of data over the multi-channel memory buses on a computer, they could increase the amplitude and use the generated waves to carry binary messages to a receiver.

Multi-channel memory configurations allow data to be simultaneously transferred via two, three, or four data buses. When all these channels are used, the radio emissions from that data exchange can increase by 0.1 to 0.15 dB.

The GSMem malware exploits this process by causing data to be exchanged across all channels to generate sufficient amplitude. But it does so only when it wants to transmit a binary 1. For a binary 0, it allows the computer to emit at its regular strength. The fluctuations in the transmission allow the receiver in the phone to distinguish when a 0 or a 1 is being transmitted.